From 20f97d9362bf64e3a6743328eaa7e51409593769 Mon Sep 17 00:00:00 2001
From: Christian Lindig <christian.lindig@cloud.com>
Date: Mon, 2 Sep 2024 15:50:46 +0100
Subject: [PATCH 1/2] CA-397599 XSI-1704 implement setter for blocked ops
 manually

Currently the setter for field VM.blocked_oeprations is auto generated.
Implement this explicitly such that we can update allowed operations
which currently is not happening. Allowed operations are used by
XenCenter to disable operations; this has led to operations becoming
unavaliable because allowed operations where not aligned with blocked
operations when blocked operations were updated.

Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
---
 ocaml/idl/datamodel_vm.ml        | 42 +++++++++++++++++++++++++++++++-
 ocaml/xapi/message_forwarding.ml | 17 +++++++++++++
 ocaml/xapi/xapi_vm.ml            | 12 +++++++++
 ocaml/xapi/xapi_vm.mli           | 16 ++++++++++++
 4 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/ocaml/idl/datamodel_vm.ml b/ocaml/idl/datamodel_vm.ml
index bf6fe168f8a..96939c4d5e2 100644
--- a/ocaml/idl/datamodel_vm.ml
+++ b/ocaml/idl/datamodel_vm.ml
@@ -1628,6 +1628,43 @@ let operations =
         ]
     )
 
+let set_blocked_operations =
+  call ~name:"set_blocked_operations"
+    ~in_product_since:rel_orlando (* but updated 2024 *)
+    ~doc:
+      "Update list of operations which have been explicitly blocked and an \
+       error code"
+    ~params:
+      [
+        (Ref _vm, "self", "The VM")
+      ; (Map (operations, String), "value", "Blocked operations")
+      ]
+    ~allowed_roles:_R_VM_ADMIN ()
+
+let add_to_blocked_operations =
+  call ~name:"add_to_blocked_operations"
+    ~in_product_since:rel_orlando (* but updated 2024 *)
+    ~doc:
+      "Update list of operations which have been explicitly blocked and an \
+       error code"
+    ~params:
+      [
+        (Ref _vm, "self", "The VM")
+      ; (operations, "key", "Blocked operation")
+      ; (String, "value", "Error code")
+      ]
+    ~allowed_roles:_R_VM_ADMIN ()
+
+let remove_from_blocked_operations =
+  call ~name:"remove_from_blocked_operations"
+    ~in_product_since:rel_orlando (* but updated 2024 *)
+    ~doc:
+      "Update list of operations which have been explicitly blocked and an \
+       error code"
+    ~params:
+      [(Ref _vm, "self", "The VM"); (operations, "key", "Blocked operation")]
+    ~allowed_roles:_R_VM_ADMIN ()
+
 let assert_operation_valid =
   call ~in_oss_since:None ~in_product_since:rel_rio
     ~name:"assert_operation_valid"
@@ -1909,6 +1946,9 @@ let t =
       ; restart_device_models
       ; set_uefi_mode
       ; get_secureboot_readiness
+      ; set_blocked_operations
+      ; add_to_blocked_operations
+      ; remove_from_blocked_operations
       ]
     ~contents:
       ([uid _vm]
@@ -2086,7 +2126,7 @@ let t =
             ~default_value:(Some (VSet [])) ~ty:(Set String) "tags"
             "user-specified tags for categorization purposes"
         ; field ~in_product_since:rel_orlando ~default_value:(Some (VMap []))
-            ~qualifier:RW
+            ~qualifier:StaticRO
             ~ty:(Map (operations, String))
             "blocked_operations"
             "List of operations which have been explicitly blocked and an \
diff --git a/ocaml/xapi/message_forwarding.ml b/ocaml/xapi/message_forwarding.ml
index 2ba1139de32..6ed0bc04d85 100644
--- a/ocaml/xapi/message_forwarding.ml
+++ b/ocaml/xapi/message_forwarding.ml
@@ -3097,6 +3097,23 @@ functor
       let get_secureboot_readiness ~__context ~self =
         info "VM.get_secureboot_readiness: self = '%s'" (vm_uuid ~__context self) ;
         Local.VM.get_secureboot_readiness ~__context ~self
+
+      let set_blocked_operations ~__context ~self ~value =
+        info "VM.set_blocked_operations: self = '%s'" (vm_uuid ~__context self) ;
+        Local.VM.set_blocked_operations ~__context ~self ~value ;
+        Xapi_vm_lifecycle.update_allowed_operations ~__context ~self
+
+      let add_to_blocked_operations ~__context ~self ~key ~value =
+        info "VM.add_to_blocked_operations: self = '%s'"
+          (vm_uuid ~__context self) ;
+        Local.VM.add_to_blocked_operations ~__context ~self ~key ~value ;
+        Xapi_vm_lifecycle.update_allowed_operations ~__context ~self
+
+      let remove_from_blocked_operations ~__context ~self ~key =
+        info "VM.remove_from_blocked_operations: self = '%s'"
+          (vm_uuid ~__context self) ;
+        Local.VM.remove_from_blocked_operations ~__context ~self ~key ;
+        Xapi_vm_lifecycle.update_allowed_operations ~__context ~self
     end
 
     module VM_metrics = struct end
diff --git a/ocaml/xapi/xapi_vm.ml b/ocaml/xapi/xapi_vm.ml
index cb5f616d323..3e54a277592 100644
--- a/ocaml/xapi/xapi_vm.ml
+++ b/ocaml/xapi/xapi_vm.ml
@@ -1601,6 +1601,18 @@ let set_domain_type ~__context ~self ~value =
   Db.VM.set_HVM_boot_policy ~__context ~self
     ~value:(derive_hvm_boot_policy ~domain_type:value)
 
+let set_blocked_operations ~__context ~self ~value =
+  debug "%s" __FUNCTION__ ;
+  Db.VM.set_blocked_operations ~__context ~self ~value
+
+let add_to_blocked_operations ~__context ~self ~key ~value =
+  debug "%s" __FUNCTION__ ;
+  Db.VM.add_to_blocked_operations ~__context ~self ~key ~value
+
+let remove_from_blocked_operations ~__context ~self ~key =
+  debug "%s" __FUNCTION__ ;
+  Db.VM.remove_from_blocked_operations ~__context ~self ~key
+
 let set_HVM_boot_policy ~__context ~self ~value =
   Db.VM.set_domain_type ~__context ~self
     ~value:(derive_domain_type ~hVM_boot_policy:value) ;
diff --git a/ocaml/xapi/xapi_vm.mli b/ocaml/xapi/xapi_vm.mli
index 19a737755e0..d0771c49cfa 100644
--- a/ocaml/xapi/xapi_vm.mli
+++ b/ocaml/xapi/xapi_vm.mli
@@ -428,3 +428,19 @@ val set_uefi_mode :
 
 val get_secureboot_readiness :
   __context:Context.t -> self:API.ref_VM -> API.vm_secureboot_readiness
+
+val set_blocked_operations :
+     __context:Context.t
+  -> self:API.ref_VM
+  -> value:(API.vm_operations * string) list
+  -> unit
+
+val add_to_blocked_operations :
+     __context:Context.t
+  -> self:API.ref_VM
+  -> key:API.vm_operations
+  -> value:string
+  -> unit
+
+val remove_from_blocked_operations :
+  __context:Context.t -> self:API.ref_VM -> key:API.vm_operations -> unit

From 7d6d88e50d24a2971d1cdc978f91dacce5862168 Mon Sep 17 00:00:00 2001
From: Christian Lindig <christian.lindig@cloud.com>
Date: Thu, 12 Sep 2024 13:19:11 +0100
Subject: [PATCH 2/2] CA-397599 XSI-1704 update schema hash

Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
---
 ocaml/idl/schematest.ml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/ocaml/idl/schematest.ml b/ocaml/idl/schematest.ml
index c375a909149..0afe0a10be1 100644
--- a/ocaml/idl/schematest.ml
+++ b/ocaml/idl/schematest.ml
@@ -3,7 +3,7 @@ let hash x = Digest.string x |> Digest.to_hex
 (* BEWARE: if this changes, check that schema has been bumped accordingly in
    ocaml/idl/datamodel_common.ml, usually schema_minor_vsn *)
 
-let last_known_schema_hash = "428caff23cdb969c59a9960beefd7bb6"
+let last_known_schema_hash = "60590fa3fa2f8af66d9bf3c50b7bacc2"
 
 let current_schema_hash : string =
   let open Datamodel_types in
@@ -19,11 +19,10 @@ let () =
   if last_known_schema_hash <> current_schema_hash then (
     Printf.eprintf
       {|
-
 New schema hash ('%s') doesn't match the last known one. Please bump the
-datamodel schema versions if necessary, and update 'last_known_schema_hash'.
-
+datamodel schema versions if necessary, and update 'last_known_schema_hash'
+in file %s.
 |}
-      current_schema_hash ;
+      current_schema_hash __FILE__ ;
     exit 1
   )